Bug #64679 segfault, buffer overflow detected
Submitted: 2013-04-20 06:29 UTC Modified: 2013-07-17 15:37 UTC
From: remi@php.net Assigned: osmanov (profile)
Status: Closed Package: event (PECL)
PHP Version: 5.5.0beta3 OS: GNU/Linux
Private report: No CVE-ID: None
 [2013-04-20 06:29 UTC] remi@php.net
Description:
------------
running 07-listener-error.php

Test script:
---------------
$ gdb php
(gdb) run 07-listener-error.php



Expected result:
----------------
No segfault


Actual result:
--------------
*** buffer overflow detected ***: /usr/bin/php terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff4d194d7]
/lib64/libc.so.6(+0x3cd7307690)[0x7ffff4d17690]
/usr/lib64/php/modules/event.so(zim_EventListener___construct+0x2b6)[0x7fffcaa31026]
/usr/bin/php(dtrace_execute_internal+0x39)[0x555555777d09]
/usr/lib64/php/modules/xdebug.so(xdebug_execute_internal+0x13a)[0x7fffed6caafa]
/usr/bin/php(+0x2e27f3)[0x5555558367f3]
/usr/bin/php(execute_ex+0x38)[0x5555557f6898]
/usr/bin/php(dtrace_execute_ex+0x7d)[0x555555777bcd]
/usr/lib64/php/modules/xdebug.so(xdebug_execute_ex+0x394)[0x7fffed6cb184]
/usr/bin/php(zend_execute_scripts+0x158)[0x5555557895b8]
/usr/bin/php(php_execute_script+0x1ec)[0x55555572738c]
/usr/bin/php(+0x2e5f06)[0x555555839f06]
/usr/bin/php(+0xbb31a)[0x55555560f31a]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff4c31735]
/usr/bin/php(+0xbb3ad)[0x55555560f3ad]


(gdb) bt
#0  0x00007ffff4c45935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff4c470e8 in __GI_abort () at abort.c:91
#2  0x00007ffff4c84e8b in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff4d875c0 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007ffff4d194d7 in __GI___fortify_fail (msg=msg@entry=0x7ffff4d87566 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007ffff4d17690 in __GI___chk_fail () at chk_fail.c:29
#5  0x00007fffcaa31026 in strcpy (__src=0x7ffff7fb4b95 "/tmp/1604843385.sock", __dest=0x7fffffffa37a "/tmp/1") at /usr/include/bits/string3.h:105
#6  zim_EventListener___construct (ht=<optimized out>, return_value=<optimized out>, return_value_ptr=<optimized out>, this_ptr=0x7ffff7fb2f00, return_value_used=<optimized out>)
    at /usr/src/debug/php-pecl-event-1.6.1/event-1.6.1/classes/listener.c:286
#7  0x0000555555777d09 in dtrace_execute_internal (execute_data_ptr=<optimized out>, fci=<optimized out>, return_value_used=<optimized out>)
    at /usr/src/debug/php5.5-201304181030/Zend/zend_dtrace.c:99
#8  0x00007fffed6caafa in xdebug_execute_internal () from /usr/lib64/php/modules/xdebug.so
#9  0x00005555558367f3 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7f7a4a0) at /usr/src/debug/php5.5-201304181030/Zend/zend_vm_execute.h:545
#10 0x00005555557f6898 in execute_ex (execute_data=0x7ffff7f7a4a0) at /usr/src/debug/php5.5-201304181030/Zend/zend_vm_execute.h:356
#11 0x0000555555777bcd in dtrace_execute_ex (execute_data=<optimized out>) at /usr/src/debug/php5.5-201304181030/Zend/zend_dtrace.c:75
#12 0x00007fffed6cb184 in xdebug_execute_ex () from /usr/lib64/php/modules/xdebug.so
#13 0x00005555557895b8 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/debug/php5.5-201304181030/Zend/zend.c:1316
#14 0x000055555572738c in php_execute_script (primary_file=primary_file@entry=0x7fffffffcb80) at /usr/src/debug/php5.5-201304181030/main/main.c:2479
#15 0x0000555555839f06 in do_cli (argc=2, argv=0x555555b7c3e0) at /usr/src/debug/php5.5-201304181030/sapi/cli/php_cli.c:993
#16 0x000055555560f31a in main (argc=2, argv=0x555555b7c3e0) at /usr/src/debug/php5.5-201304181030/sapi/cli/php_cli.c:1377


Patches

event-buffer-overflow.patch (last revision 2013-04-20 07:20 UTC by remi@php.net)


History

 [2013-04-20 07:20 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: event-buffer-overflow.patch
Revision:   1366442451
URL:        https://bugs.php.net/patch-display.php?bug=64679&patch=event-buffer-overflow.patch&revision=1366442451
 [2013-07-17 15:37 UTC] osmanov@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: osmanov
 [2013-07-17 15:37 UTC] osmanov@php.net
Applied your patch in release 1.6.2.
Thanks!
 